cli: Generate openssl.cnf snippet as file instead of writing it to terminal

certidude/cli.py

@@ -579,9 +579,13 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
     with open(ca_key, "wb") as fh:
         fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
 
-    click.echo("Insert following to /etc/ssl/openssl.cnf:")
+    with open(os.path.join(directory, "openssl.cnf.example"), "w") as fh:
+        fh.write(env.get_template("openssl.cnf").render(locals()))
+
+    click.echo("You need to copy the contents of the 'openssl.cnf.example'")
+    click.echo("to system-wide OpenSSL configuration file, usually located")
+    click.echo("at /etc/ssl/openssl.cnf")
     click.echo()
-    click.secho(env.get_template("openssl.cnf").render(locals()), fg="blue")
 
     click.echo()
     click.echo("Use following commands to inspect the newly created files:")

certidude/templates/openssl.cnf

@@ -1,3 +1,6 @@
+# You have to copy the settings to the system-wide
+# OpenSSL configuration (usually /etc/ssl/openssl.cnf
+
 [CA_{{slug}}]
 default_crl_days = {{revocation_list_lifetime}}
 default_days = {{certificate_lifetime}}
@@ -38,3 +41,4 @@ emailAddress = optional
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation,digitalSignature,keyEncipherment
 extendedKeyUsage = clientAuth
+